18 matches found
CVE-2020-24029
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "corrected in all maintained versions. Password reset requests are validated...
EUVD-2020-16764
Malware in sbrugna...
EUVD-2020-16765
Malware in sbrugna...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...
CVE-2020-24029
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "corrected in all maintained versions. Password reset requests are validated...
CVE-2020-24030
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "not exploitable in the current implementation. Tokens are properly expire...
CVE-2020-24030
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "not exploitable in the current implementation. Tokens are properly expire...
Default credentials
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates...
Cross site request forgery (csrf)
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request...
Privilege escalation
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...
CVE-2020-24028
The CVE-2020-24028 entry concerns ForLogic Qualiex v1 and v3. It states that an authenticated customer can achieve privilege escalation via actions such as creating users, changing passwords, or updating user permissions, within the user’s own permission scope. The supplier‑provided note (as of 2...
CVE-2020-24029
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "corrected in all maintained versions. Password reset requests are validated...
CVE-2020-24029
CVE-2020-24029 affects ForLogic Qualiex v1 and v3, where unauthenticated password changes could expose customer/admin permissions and data via a simple request. The root cause is unauthenticated password changes; as of 2025-10-14, the supplier indicates this is corrected in all maintained version...
CVE-2020-24030
CVE-2020-24030 affects ForLogic Qualiex v1 and v3, where weak token expiration allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. Across connected sources, the issue is tied to token handling rather than a traditional flaw in application logic. The Re...
CVE-2020-24030
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "not exploitable in the current implementation. Tokens are properly expire...